dev-python/paramiko: Bump to 3.2.0

Signed-off-by: Michał Górny <mgorny@gentoo.org>

4 files changed, 250 insertions, 0 deletions

diff --git a/dev-python/paramiko/Manifest b/dev-python/paramiko/Manifest
index e8f8b589c1eb..1b3bc344a812 100644
--- a/dev-python/paramiko/Manifest
+++ b/dev-python/paramiko/Manifest
@@ -1 +1,2 @@
 DIST paramiko-3.1.0.gh.tar.gz 351910 BLAKE2B 7350626f3a8e54d8950085cbd8253f5564355abb4db7c65113c0df22674e3df0081da7299cfad779f1fcf9569b01720b6ab5dc2bde32c4a71500e79910caf4c8 SHA512 1a556a5b7a6ebc72a0c61b59f326a95c9f2784d74fdc1a171455867ba7b4b07a15741e168747b5a3a225685ad069e2d58021f54dadf7feb00f8acf65b0c07d51
+DIST paramiko-3.2.0.gh.tar.gz 374709 BLAKE2B 80ec5678a51dc8a0eadd28228ae70a8912fb9a4be1807f5f65a925dd2252fd43ebba6f63b350b62ff7545d9ed0db6e4a78710fb73cff332e6d1ed996b0f1a7d9 SHA512 1d87a19284cef73a76eb7402d0492eb35d4a0588becd2f67ba19fe1498d6c10927127617398de11184d4865c8ce0f3e0c48194d50ef546414a17cf6faff3c39d
diff --git a/dev-python/paramiko/files/paramiko-3.2.0-disable-server.patch b/dev-python/paramiko/files/paramiko-3.2.0-disable-server.patch
new file mode 100644
index 000000000000..942f5161ee6f
--- /dev/null
+++ b/dev-python/paramiko/files/paramiko-3.2.0-disable-server.patch
@@ -0,0 +1,58 @@
+From a47e9bdc80224c9ceafcea6da5cea1539ddfbd4d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
+Date: Fri, 26 May 2023 06:05:13 +0200
+Subject: [PATCH 3/3] Disable server component due to security issues
+
+---
+ paramiko/transport.py | 4 ++++
+ tests/conftest.py     | 5 +++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/paramiko/transport.py b/paramiko/transport.py
+index 8785d6bb..803d07d1 100644
+--- a/paramiko/transport.py
++++ b/paramiko/transport.py
+@@ -120,6 +120,8 @@ from paramiko.util import (
+ )
+ 
+ 
++SERVER_DISABLED_BY_GENTOO = True
++
+ # for thread cleanup
+ _active_threads = []
+ 
+@@ -768,6 +770,8 @@ class Transport(threading.Thread, ClosingContextManager):
+             `.SSHException` -- if negotiation fails (and no ``event`` was
+             passed in)
+         """
++        if SERVER_DISABLED_BY_GENTOO:
++            raise Exception("Disabled by Gentoo for security reasons. Enable with 'server' USE flag")
+         if server is None:
+             server = ServerInterface()
+         self.server_mode = True
+diff --git a/tests/conftest.py b/tests/conftest.py
+index 7546aae4..804a289e 100644
+--- a/tests/conftest.py
++++ b/tests/conftest.py
+@@ -16,6 +16,7 @@ from paramiko import (
+     Ed25519Key,
+     ECDSAKey,
+     PKey,
++    transport,
+ )
+ 
+ from ._loop import LoopSocket
+@@ -23,6 +24,10 @@ from ._stub_sftp import StubServer, StubSFTPServer
+ from ._util import _support
+ 
+ 
++# We need the server component for testing
++transport.SERVER_DISABLED_BY_GENTOO = False
++
++
+ # Perform logging by default; pytest will capture and thus hide it normally,
+ # presenting it on error/failure. (But also allow turning it off when doing
+ # very pinpoint debugging - e.g. using breakpoints, so you don't want output
+-- 
+2.40.1
+
diff --git a/dev-python/paramiko/files/paramiko-3.2.0-nih-test-deps.patch b/dev-python/paramiko/files/paramiko-3.2.0-nih-test-deps.patch
new file mode 100644
index 000000000000..84fb618dffb8
--- /dev/null
+++ b/dev-python/paramiko/files/paramiko-3.2.0-nih-test-deps.patch
@@ -0,0 +1,134 @@
+From 33c56a44f425bb5c4bf63759fbe85cfee06ab087 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
+Date: Tue, 17 May 2022 07:26:36 +0200
+Subject: [PATCH 1/3] Replace pytest-relaxed with plain pytest.raises
+
+There is really no technical reason to bring pytest-relaxed to call
+@raises as a decorator while plain pytest works just fine.  Plus,
+pytest.raises() is used in test_sftp already.
+
+pytest-relaxed causes humongous breakage to other packages
+on the system.  It has been banned from Gentoo for this reason.
+---
+ tests/test_client.py | 19 +++++++++----------
+ 1 file changed, 9 insertions(+), 10 deletions(-)
+
+diff --git a/tests/test_client.py b/tests/test_client.py
+index 1c0c6c84..c12cbe9a 100644
+--- a/tests/test_client.py
++++ b/tests/test_client.py
+@@ -33,7 +33,6 @@ import weakref
+ from tempfile import mkstemp
+ 
+ import pytest
+-from pytest_relaxed import raises
+ from unittest.mock import patch, Mock
+ 
+ import paramiko
+@@ -799,11 +798,11 @@ class PasswordPassphraseTests(ClientTest):
+ 
+     # TODO: more granular exception pending #387; should be signaling "no auth
+     # methods available" because no key and no password
+-    @raises(SSHException)
+     @requires_sha1_signing
+     def test_passphrase_kwarg_not_used_for_password_auth(self):
+-        # Using the "right" password in the "wrong" field shouldn't work.
+-        self._test_connection(passphrase="pygmalion")
++        with pytest.raises(SSHException):
++            # Using the "right" password in the "wrong" field shouldn't work.
++            self._test_connection(passphrase="pygmalion")
+ 
+     @requires_sha1_signing
+     def test_passphrase_kwarg_used_for_key_passphrase(self):
+@@ -823,15 +822,15 @@ class PasswordPassphraseTests(ClientTest):
+             password="television",
+         )
+ 
+-    @raises(AuthenticationException)  # TODO: more granular
+     @requires_sha1_signing
+     def test_password_kwarg_not_used_for_passphrase_when_passphrase_kwarg_given(  # noqa
+         self,
+     ):
+         # Sanity: if we're given both fields, the password field is NOT used as
+         # a passphrase.
+-        self._test_connection(
+-            key_filename=_support("test_rsa_password.key"),
+-            password="television",
+-            passphrase="wat? lol no",
+-        )
++        with pytest.raises(AuthenticationException):
++            self._test_connection(
++                key_filename=_support("test_rsa_password.key"),
++                password="television",
++                passphrase="wat? lol no",
++            )
+-- 
+2.40.1
+
+From a75bdc46a6eb72a0b0e80eeafad2e2a2536a9bd8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
+Date: Sat, 21 Jan 2023 06:56:09 +0100
+Subject: [PATCH 2/3] Remove icecream dep
+
+---
+ tests/conftest.py | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/tests/conftest.py b/tests/conftest.py
+index 12b97283..7546aae4 100644
+--- a/tests/conftest.py
++++ b/tests/conftest.py
+@@ -22,13 +22,6 @@ from ._loop import LoopSocket
+ from ._stub_sftp import StubServer, StubSFTPServer
+ from ._util import _support
+ 
+-from icecream import ic, install as install_ic
+-
+-
+-# Better print() for debugging - use ic()!
+-install_ic()
+-ic.configureOutput(includeContext=True)
+-
+ 
+ # Perform logging by default; pytest will capture and thus hide it normally,
+ # presenting it on error/failure. (But also allow turning it off when doing
+-- 
+2.40.1
+
+From a4f96f21450942398b46f2b5f125b89297f3f3f2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
+Date: Fri, 26 May 2023 06:18:25 +0200
+Subject: [PATCH] Remove pointless use of Lexicon vendored from invoke with
+ class
+
+---
+ tests/conftest.py | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/tests/conftest.py b/tests/conftest.py
+index 7546aae4..45362de8 100644
+--- a/tests/conftest.py
++++ b/tests/conftest.py
+@@ -4,8 +4,6 @@ import shutil
+ import threading
+ from pathlib import Path
+ 
+-from invoke.vendor.lexicon import Lexicon
+-
+ import pytest
+ from paramiko import (
+     SFTPServer,
+@@ -132,6 +130,10 @@ for datum in key_data:
+     datum.insert(0, short)
+ 
+ 
++class Lexicon:
++    pass
++
++
+ @pytest.fixture(scope="session", params=key_data, ids=lambda x: x[0])
+ def keys(request):
+     """
+-- 
+2.40.1
+
diff --git a/dev-python/paramiko/paramiko-3.2.0.ebuild b/dev-python/paramiko/paramiko-3.2.0.ebuild
new file mode 100644
index 000000000000..74945454d841
--- /dev/null
+++ b/dev-python/paramiko/paramiko-3.2.0.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{10..11} )
+PYTHON_REQ_USE="threads(+)"
+
+inherit distutils-r1
+
+DESCRIPTION="SSH2 protocol library"
+HOMEPAGE="
+	https://www.paramiko.org/
+	https://github.com/paramiko/paramiko/
+	https://pypi.org/project/paramiko/
+"
+SRC_URI="
+	https://github.com/paramiko/paramiko/archive/${PV}.tar.gz
+		-> ${P}.gh.tar.gz
+"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+# the release is broken
+# https://github.com/paramiko/paramiko/issues/2245
+KEYWORDS=""
+IUSE="examples server"
+
+RDEPEND="
+	>=dev-python/bcrypt-3.1.3[${PYTHON_USEDEP}]
+	>=dev-python/cryptography-2.5[${PYTHON_USEDEP}]
+	>=dev-python/pynacl-1.0.1[${PYTHON_USEDEP}]
+	>=dev-python/pyasn1-0.1.7[${PYTHON_USEDEP}]
+"
+
+distutils_enable_tests pytest
+
+src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/${PN}-3.2.0-nih-test-deps.patch"
+	)
+
+	if ! use server; then
+		PATCHES+=( "${FILESDIR}/${PN}-3.2.0-disable-server.patch" )
+	fi
+	distutils-r1_src_prepare
+}
+
+python_install_all() {
+	distutils-r1_python_install_all
+
+	if use examples; then
+		docinto examples
+		dodoc -r demos/*
+	fi
+}